Marcus Hutchins, the 25-year-old security researcher who was instrumental in stopping WannaCry, has been spared from serving any additional jail time for his role in creating the Kronos banking trojan.
Hutchins, also known by the handle MalwareTech, was sentenced on Friday by a US District Judge, after pleading guilty to two out of ten charges relating to the development and distribution of the Kronos malware. The British researcher was sentenced to time served, with a year of supervised release. The maximum sentence included up to ten years imprisonment, as well as substantial fines.
Under US Federal law, a supervised release consists of a period following a prisoner's incarceration during which they must continue to check in with a probation officer to ensure good conduct. While Hutchins only served a few days of jail time immediately following his 2017 arrest, he has been forced to remain in the US under house arrest until the conclusion of his trial.
The judge ruled that Hutchins is not required to remain in the US as part of his supervised release, meaning that he is free to return to the UK. However, Hutchins has publicly expressed his worry that he will not be permitted to return to the US following his sentencing, effectively cutting him off from major security events including Black Hat USA, DefCon and RSA Conference.
As part of his closing statements, the judge praised Hutchins' actions during the WannaCry outbreak, as well as his resilience during the course of the trial and his actions in recent years helping to stop cybercriminals. Prosecutors also credited his guilty plea and willingness to take responsibility for his previous actions.
Following the sentencing, Hutchins tweeted messages of thanks to his supporters, who have donated to legal funds and contributed letters of character support to the case. He also thanked his lawyers, who he said represented him pro bono. He said that after "things settle down", he aims to return his focus to educating people about cyber security.
